SDN Journal Authors: Liz McMillan, Yeshim Deniz, Elizabeth White, Pat Romanski, TJ Randall

Related Topics: Containers Expo Blog, Microservices Expo

Containers Expo Blog: Blog Feed Post

How to Enable Service Virtualization Across Hosts

Service Virtualization means that an organization can expose virtual services in front of its infrastructure

One of the core patterns for a Gateway is "Service Virtualization". Service Virtualization means that an organization can expose virtual services in front of its infrastructure. These virtual services can take the form of lightweight REST APIs or heavyweight SOAP Web Services. The Service Virtualization pattern enables you to do neat things, like expose a REST service in front of a SOAP service, and convert REST to SOAP dynamically at the Gateway. You can also use the Gateway to deploy a virtual service in front of a database, or a message queue, or an ESB.

But how does it work? The answer comes down to how the virtual service is advertised to the client. Remember that service interfaces are generally advertised using WSDL (and as of WSDL 2.0, this applies to REST API interfaces as well as SOAP). WSDL includes the address of the service provider host. When the Gateway exposes a virtual service, it must replace this address with the address of the Gateway. Otherwise, clients would simply try to connect to the back-end service, thus attempting to bypass the Gateway.

Here we see an example where the client is pulling down the WSDL of a virtual service from the Vordel Gateway. Notice that the address of the service has been changed to the address of the Gateway:

But what if a client from the outside world accesses the virtual service, via a public Fully-Qualified Domain Name like services.mycompany.com ? Will the WSDL still say "VordelGateway" in it? If so, this would not work.

A neat feature of the Vordel Gateway is that it dynamically virtualizes its services based on how the client calls it.

So, when we call the virtual service using the hostname services.mycompany.com , this is what happens:

Notice that the Vordel Gateway has dynamically virtualized the service with the hostname used by the client. If we'd pulled down the WSDL by its IP address, it would have placed the IP address in there. This is a very neat feature.

The SSL-savvy of you may be thinking "hmm.... those WSDL addresses use SSL but that's going to throw a warning if the hostname changes, and it'll also cause some Java clients not to connect". Well, that points to another neat feature that enables Service Virtualization. The Vordel Gateway implements SSL Server Name Identifier (SNI) which means that when it's called using a particular hostname, it will dynamically use the appropriate SSL certificate (and private key) for that connection. If you right-click on an SSL interface in Policy Studio, you can see this:

Notice in the screenshot above that there are two certificates set. Both must have corresponding private keys (since that's essential for SSL). When the Gateway is called using the name "vordelgateway", it assumes identity "CN=VordelGateway" (CN means "Common Name", in X.509 Certificate jargon). When the Gateway is called using "services.mycompany.com", like in the second screenshot above, it assumes identity "CN=services.mycompany.com". This is all done on the fly. Without this feature, many clients would not connect because the SSL certificate would not match the hostname. But with this feature, it "just works".

For more info, you can register for a live demo of the Vordel Gateway at: http://www.vordel.com/demo.html

Read the original blog entry...

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

CloudEXPO Stories
When building large, cloud-based applications that operate at a high scale, it’s important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. “Fly two mistakes high” is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, will discuss how this same philosophy can be applied to highly scaled applications, and can dramatically increase your resilience to failure.
SAP is the world leader in enterprise applications in terms of software and software-related service revenue. Based on market capitalization, we are the world's third largest independent software manufacturer. Harness the power of your data and accelerate trusted outcome-driven innovation by developing intelligent and live solutions for real-time decisions and actions on a single data copy. Support next-generation transactional and analytical processing with a broad set of advanced analytics - run securely across hybrid and multicloud environments.
Founded in 2002 and headquartered in Chicago, Nexum® takes a comprehensive approach to security. Nexum approaches business with one simple statement: “Do what’s right for the customer and success will follow.” Nexum helps you mitigate risks, protect your data, increase business continuity and meet your unique business objectives by: Detecting and preventing network threats, intrusions and disruptions Equipping you with the information, tools, training and resources you need to effectively manage IT risk Nexum, Latin for an arrangement by which one pledged one’s very liberty as security, Nexum is committed to ensuring your security. At Nexum, We Mean Security®.
The vast majority of businesses now use cloud services, yet many still struggle with realizing the full potential of their IT investments. In particular, small and medium-sized businesses (SMBs) lack the internal IT staff and expertise to fully move to and manage workloads in public cloud environments. Speaker Todd Schwartz will help session attendees better navigate the complex cloud market and maximize their technical investments. The SkyKick co-founder and co-CEO will share the biggest challenges uncovered by the company's [2017 survey](https://offers.skykick.com/top-cloud-challenges) of North American business, sales and IT leaders.
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups build the future of digital. We offer mobile development and design for smartphones, tablets and wearables. Our projects cover the latest and most innovative technologies - voice assistants, AI, AR/VR and more. We excel at solutions for sports, fintech and retail industries.